[cf-dev] [Urgent] High severity vulnerability in PHP versions included in the PHP buildpack

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] [Urgent] High severity vulnerability in PHP versions included in the PHP buildpack

Stephen Levine
Hi All,

If you use the PHP buildpack in Cloud Foundry, please see below.

NOTICE: Multiple upstream vulnerabilities have been discovered in all supported PHP versions in the PHP buildpack. MS-ISAC reports that the most severe of these vulnerabilities could allow an attacker to execute arbitrary code. An attacker could take advantage of this type of vulnerability to steal credentials, modify application code, cause a denial of service attack, or take other malicious actions.

ACTION: As soon as possible: Upgrade the PHP buildpack to version 4.3.53. Confirm that PHP apps are configured to use PHP 7.2.5, PHP 7.1.17, PHP 7.0.30, or PHP 5.6.36. Re-stage all PHP apps.


Thanks,
Stephen
CF Buildpacks PM
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#7967) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] [Urgent] High severity vulnerability in PHP versions included in the PHP buildpack

Carlo Alberto Ferraris-3
`cf better-push` can't come fast enough 😢

On Sat, Apr 28, 2018, 11:50 Stephen Levine <[hidden email]> wrote:
Hi All,

If you use the PHP buildpack in Cloud Foundry, please see below.

NOTICE: Multiple upstream vulnerabilities have been discovered in all supported PHP versions in the PHP buildpack. MS-ISAC reports that the most severe of these vulnerabilities could allow an attacker to execute arbitrary code. An attacker could take advantage of this type of vulnerability to steal credentials, modify application code, cause a denial of service attack, or take other malicious actions.

ACTION: As soon as possible: Upgrade the PHP buildpack to version 4.3.53. Confirm that PHP apps are configured to use PHP 7.2.5, PHP 7.1.17, PHP 7.0.30, or PHP 5.6.36. Re-stage all PHP apps.


Thanks,
Stephen
CF Buildpacks PM

_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#7968) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group

_._,_._,_